nix flake update

damocles-lab misc
update nova-shell
2026-04-30 00:00:44 +02:00 · 2026-04-29 23:58:15 +02:00 · 2026-04-29 21:38:54 +02:00 · 2026-04-29 21:38:40 +02:00
7 changed files with 132 additions and 73 deletions
--- a/flake.lock
+++ b/flake.lock
@ -363,11 +363,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776200608,
-        "narHash": "sha256-broZ6RFQr4Fv0wT73gGmzNX14A43TmTFF8g4wDKlNss=",
+        "lastModified": 1777031541,
+        "narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=",
        "owner": "nix-community",
        "repo": "naersk",
-        "rev": "8b23250ab45c2a38cd91031aee26478ca4d0a28e",
+        "rev": "5e73301621274c44798bf6c6211ed27fc2ced201",
        "type": "github"
      },
      "original": {
@ -390,11 +390,11 @@
        "xwayland-satellite-unstable": "xwayland-satellite-unstable"
      },
      "locked": {
-        "lastModified": 1776879043,
-        "narHash": "sha256-M9RjuowtoqQbFRdQAm2P6GjFwgHjRcnWYcB7ChSjDms=",
+        "lastModified": 1777472199,
+        "narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=",
        "owner": "sodiboo",
        "repo": "niri-flake",
-        "rev": "535ebbe038039215a5d1c6c0c67f833409a5be96",
+        "rev": "323a80f2ce4541c595d491acbd15a8800201cbae",
        "type": "github"
      },
      "original": {
@ -423,11 +423,11 @@
    "niri-unstable": {
      "flake": false,
      "locked": {
-        "lastModified": 1776853441,
-        "narHash": "sha256-mSxfoEs7DiDhMCBzprI/1K7UXzMISuGq0b7T06LVJXE=",
+        "lastModified": 1777468255,
+        "narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=",
        "owner": "YaLTeR",
        "repo": "niri",
-        "rev": "74d2b18603366b98ec9045ecf4a632422f472365",
+        "rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d",
        "type": "github"
      },
      "original": {
@ -458,11 +458,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776828494,
-        "narHash": "sha256-gQ5+syn8ndyF/+c5g5ZpeAScNKhkTF4/63JsO2hqGHo=",
+        "lastModified": 1777434090,
+        "narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "ea6764d22ff5478f5db39ede57eeafc70d14e8e6",
+        "rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b",
        "type": "github"
      },
      "original": {
@ -588,11 +588,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1776329215,
-        "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
+        "lastModified": 1777270315,
+        "narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b86751bc4085f48661017fa226dee99fab6c651b",
+        "rev": "6368eda62c9775c38ef7f714b2555a741c20c72d",
        "type": "github"
      },
      "original": {
@ -604,11 +604,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1776734388,
-        "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
+        "lastModified": 1777077449,
+        "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
+        "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160",
        "type": "github"
      },
      "original": {
@ -643,11 +643,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1777295064,
-        "narHash": "sha256-A+Ooli4ckGyiT+zh10Ybj3nY2ql4QX1p6q6HrKCDvpA=",
+        "lastModified": 1777479755,
+        "narHash": "sha256-rKha1HlZIYn+nhptqOSaSPGywXXdM5S462oiXh64EWM=",
        "ref": "refs/heads/main",
-        "rev": "adb6c21135c93e0c57517ba90a32dd8f6bf2704d",
-        "revCount": 578,
+        "rev": "7ab784e101b69f35f65e300d5779888624f7a7a5",
+        "revCount": 596,
        "type": "git",
        "url": "https://git.berlin.ccc.de/vinzenz/nova-shell"
      },
@ -666,11 +666,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776893492,
-        "narHash": "sha256-V4r/mdAFHe6fRiu3D+3+UdclSH7LJoHfv+4Y1YNawK0=",
+        "lastModified": 1777499139,
+        "narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "0aa8e8fc21887cc34a4c0e3816f08b56795f52ca",
+        "rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc",
        "type": "github"
      },
      "original": {
@ -887,11 +887,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1775935110,
-        "narHash": "sha256-twTHKUFXjNNsaAvX0KoaIClt+923jXDRbfCd9PC/f0o=",
+        "lastModified": 1776894428,
+        "narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=",
        "owner": "nix-community",
        "repo": "stylix",
-        "rev": "14f248ad1a7668e7858c6d9163608c208b7daf02",
+        "rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -129,6 +129,9 @@
        damocles = {
          system = "x86_64-linux";
        };
+        damocles-lab = {
+          system = "x86_64-linux";
+        };
        epimetheus = {
          system = "aarch64-linux";
        };
@ -232,7 +235,7 @@
          device,
          system,
          home-manager-users ? { },
-          nixosSystem ? nixpkgs.lib.nixosSystem
+          nixosSystem ? nixpkgs.lib.nixosSystem,
        }:
        let
          specialArgs = inputs // {
--- a/nixosConfigurations/damocles-lab/default.nix
+++ b/nixosConfigurations/damocles-lab/default.nix
@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+  imports = [ ../damocles/claude-container.nix ];
+
+  services.openssh = {
+    enable = true;
+    ports = [ 2222 ];
+    # Path written into sshd_config as a string — not read at eval time.
+    # Key can be rotated without a rebuild.
+    authorizedKeysFiles = [ "/persist/damocles-ssh/id_ed25519.pub" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+
+  ];
+}
--- a/nixosConfigurations/damocles/claude-container.nix
+++ b/nixosConfigurations/damocles/claude-container.nix
@ -0,0 +1,44 @@
+{
+  pkgs,
+  self,
+  lib,
+  ...
+}:
+{
+
+  nixpkgs.overlays = [ self.overlays.unstable-packages ];
+  allowedUnfreePackages = [ "claude-code" ];
+
+  environment.systemPackages = with pkgs; [
+    unstable.claude-code
+    git
+    python3
+    coreutils-full
+    gawk
+    gnugrep
+    curl
+  ];
+
+  boot.isContainer = true;
+
+  programs.nix-ld = {
+    enable = true;
+    libraries = with pkgs; [
+      stdenv.cc.cc.lib
+      zlib
+    ];
+  };
+
+  # Container shares host network namespace (privateNetwork = false), so the
+  # host's tailscale already covers this. Running a second tailscaled in the
+  # same netns fights over routing and breaks connectivity after sleep/wake.
+  services.tailscale.enable = lib.mkForce false;
+  networking.firewall.checkReversePath = lib.mkForce "strict";
+
+  users.users.muede = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+}
--- a/nixosConfigurations/damocles/default.nix
+++ b/nixosConfigurations/damocles/default.nix
@ -1,45 +1,14 @@
+{ pkgs, ... }:
 {
-  pkgs,
-  lib,
-  self,
-  ...
-}:
-{
-  imports = [ ./android-dev.nix ];
-
-  nixpkgs.overlays = [ self.overlays.unstable-packages ];
-
-  boot.isContainer = true;
-
-  # Container shares host network namespace (privateNetwork = false), so the
-  # host's tailscale already covers this. Running a second tailscaled in the
-  # same netns fights over routing and breaks connectivity after sleep/wake.
-  services.tailscale.enable = lib.mkForce false;
-  networking.firewall.checkReversePath = lib.mkForce "strict";
-
-  allowedUnfreePackages = [ "claude-code" ];
+  imports = [
+    ./android-dev.nix
+    ./claude-container.nix
+  ];

  environment.systemPackages = with pkgs; [
-    unstable.claude-code
-    git
-    python3
-    coreutils-full
-    gawk
-    gnugrep
+    cargo
+    rustc
+    clippy
+    gh
  ];
-
-  users.users.muede = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  programs.nix-ld = {
-    enable = true;
-    libraries = with pkgs; [
-      stdenv.cc.cc.lib
-      zlib
-    ];
-  };
 }
--- a/nixosConfigurations/muede-lpt2/default.nix
+++ b/nixosConfigurations/muede-lpt2/default.nix
@ -65,6 +65,28 @@
      autoStart = false;
      privateNetwork = false;
      path = self.nixosConfigurations.damocles.config.system.build.toplevel;
+      bindMounts."/persist/damocles-ssh" = {
+        hostPath = "/persist/damocles-ssh";
+        isReadOnly = true;
+      };
+      bindMounts."/persist/damocles-lab" = {
+        hostPath = "/persist/damocles-lab";
+        isReadOnly = false;
+      };
+    };
+
+    containers.damocles-lab = {
+      autoStart = false;
+      privateNetwork = false;
+      path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;
+      bindMounts."/workspace" = {
+        hostPath = "/persist/damocles-lab";
+        isReadOnly = false;
+      };
+      bindMounts."/persist/damocles-ssh" = {
+        hostPath = "/persist/damocles-ssh";
+        isReadOnly = true;
+      };
    };

    # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
@ -76,6 +98,11 @@
      RestartSec = "5s";
    };

+    systemd.services."container@damocles-lab".serviceConfig = {
+      TimeoutStopSec = "60s";
+      RestartSec = "5s";
+    };
+
    boot.enableContainers = true;
    virtualisation.containers.enable = true;
  };
Author	SHA1	Message	Date
müde	f5a7d1ec10	nix flake update	2026-04-30 00:00:44 +02:00
müde	4d872cd632	damocles-lab misc	2026-04-29 23:58:15 +02:00
müde	7b56f73a48	update nova-shell	2026-04-29 21:38:54 +02:00
müde	27a71e94ce	add damocles-lab container	2026-04-29 21:38:40 +02:00